mirror of
https://github.com/hohn/codeql-c-sqli.git
synced 2025-12-16 10:33:03 +01:00
29 lines
784 B
Plaintext
29 lines
784 B
Plaintext
import cpp
|
|
import semmle.code.cpp.models.Models
|
|
import semmle.code.cpp.models.interfaces.FlowSource
|
|
|
|
// get sources / sinks from stdlib, use in our flow
|
|
|
|
// from RemoteFlowSourceFunction rfs, FunctionOutput output, string description
|
|
// where rfs.hasRemoteFlowSource(output, description)
|
|
// select rfs, rfs.getACallToThisFunction(), output, description
|
|
|
|
import semmle.code.cpp.models.interfaces.Sql
|
|
|
|
from SqlExecutionFunction sef
|
|
select sef, sef.getACallToThisFunction()
|
|
|
|
|
|
class Foo extends Expr {
|
|
Foo () { this.getNumChild() = 1 }
|
|
Expr getTheChild() {
|
|
result = this.getChild(0)
|
|
// given set f, in python: {element.getChild(0) for element in f}
|
|
}
|
|
}
|
|
|
|
// from Foo f
|
|
// select f, f.getTheChild()
|
|
|
|
// from BinaryOperation bin
|
|
// select bin, bin.getAChild() |